CAR INSURANCE OUTFIT the AA has suffered a major data breach that has exposed the personal information - including partial credit card data - of more than 100,000 customers.
As if this wasn't bad enough, the AA last week downplayed reports of the breach and took to Twitter to tell users that their details had not been harmed.
That's according to Motherboard, which has obtained a database which confirms that customer data was far from unharmed, and that, in fact, 13GB of the stuff was viewable online for a few days in April.
This includes 117,000 unique email addresses, full names, physical addresses, IP addresses, details of purchases, and payment card information - including the last four digits of the credit card and its expiry date.
Security researcher Scott Helme also told the website that the data also includes a number of password hashes, an expired certificate and private encryption key.
This data, Motherboard notes, is related to those who have purchased items from the AA's online store - furry dice and air fresheners, we assume - which is open to customers who aren't AA members.
"We can confirm that the AA was informed of a potential vulnerability involving some AA Shop data on 22nd April 2017," the AA said in a statement, adding that the issue was fixed on 25th April.
It also said that it has started an independent inquiry into the breach that it has alerted the Information Commissioner's Office (ICO) about it.
"Legal letters warning against a dissemination breach under the 'Computer Misuse Act' will be issued. The ICO has been informed and we have commissioned a full independent investigation into the issue. We take any data issues incredibly seriously and would like to reassure our AA Shop customers that their payment details have not been compromised."
As far as we can tell, the AA still hasn't notified customers about the breach. µ
Someone could be in for a NASty surpise
An assault course on the senses
Boasting Bionic boosting